[libvirt PATCH v3] cgroup/LXC: Do not condition availability of v2 by controllers
mkoutny at suse.com
Mon Oct 24 15:52:04 UTC 2022
(Sorry for a stitched mail below, I'm not subscribed to the ML so this is
what I got from public archives. Please, keep me Cced.)
On 10/24/22 13:54, Pavel Hrdina wrote:
> I don't like this at all and IMO this is incorrect fix of the issue you
> are trying to address. In hybrid mode with systemd the cgroup v2
> controller is not a real controller. It's something systemd uses for
> process tracking and some other features. It is owned by systemd and we
> should not touch it directly at all.
I very much agree with this. Despite that I suggested the posted patch
 because libvirt/lxc apparently violates systemd rules of exclusive
access to cgroup hierarchies already. (At least that's how I understand
the migration between libvirtd.service and target
machine.slice/.../*.scope.) The patch is meant as a quick (and
admittedly dirty) fix to the issue that users have been reporting with
libvirt/lxc in the hybrid mode for several months.
> We need to use proper systemd APIs to make any changes to that
> directory or if needed ask systemd to create cgroup with Delegate=yes
> which in this case is probably also not the correct approach.
Yes, as I wrote in the commit message, there seems to be some
inconsistency in what libvirt core vs libvirt/lxc uses to access
cgroups. Using always systemd API would seem most consistent but I'd
retain the current patch as a workaround provided it doesn't break
things more (than the current state).
On 10/24/22 13:28, Pavel Hrdina wrote:
> What I've seen is that hybrid systemd environments have:
> but it doesn't mean that it is mounted in V1 cgroup filesystem.
> In this case the /sys/fs/cgroup is tmpfs filesystem and there is nothing
> mounted over V1.
As a more detailed explanation why the reversed order works:
It relies on the tmpfs mount over the ro-path in the v1
virCgroupBindMount so that ../unified mount directory can be created
for the v2 mount.
(IIUC, this is related to the environment inside the container where
libvirt/lxc attempts to prepare hybrid-like cgroup setup.)
 v1 in https://bugzilla.opensuse.org/show_bug.cgi?id=1183247#c35
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 228 bytes
Desc: Digital signature
More information about the libvir-list